Estonian pleads guilty in DNS Changer malware scam

Remember the DNS Changer malware that caused a stir in the middle of 2012? It comes down to seven people from Estonia and Russia who were indicted in November 2011 on charges of conspiracy to commit wire fraud and computer intrusion, among other offenses.

Valeri Aleksejev, 32 years old from Estonia, is the first of the seven individuals to enter a plea, admitting his guilt for his role in the global scam that netted approximately $14 million. The other six individuals have been named as Anton Ivanov, Vladimir Tsastsin, Timur Gerassimenko, Dmitri Jegorov, Konstantin Poltev, and Andrey Taame (the sole Russian who has not yet been apprehended).

Malware was delivered to victims' PCs when they visited specially crafted websites (that presumably targeted browser/plug-in flaws) or when they downloaded phony video codec software. The malware changed the DNS settings of the infected computers, and even in cases could change the DNS settings of the routers they were connected to.

Infected computers could not download essential security updates or virus/malware definition files. If the user went to a number of popular online destinations - such as Apple's iTunes site, or Netflix - they would be redirected to other websites entirely that were controlled by the scammers.

Additionally, when viewing other popular websites, such as the New York Times, the advertisements on the page would be replaced with advertisements linked to the gang behind the malware, meaning they would be paid instead of the NYT.

Due to the widespread infection of the malware, temporary DNS servers had to be setup to keep unaware users online while public awareness efforts were made before they were shut off in July 2012.

Aleksejev now faces up to 25 years in prison. Ivanov was extradited to the United States in November, and four further extradition cases are pending against the remaining Estonians. Taame is still at large.